

Content posted in December 2010
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your business's defenses.
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan, SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that leaves most versions of Microsoft Internet Explorer open to attack.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seem to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there haven't been smaller deals, and part of the reason for the increase in big deals is perception: there is more to discuss, which generates more press. There is, however, strategic reasoning behind the increase in larger deals.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Hacked: A Reformed Victim's Story
Commentary  |  12/17/2010  | 
What I learned as a hacking victim and how you could prevent something similar from happening to you or a loved one
Take A Deep Breath
Commentary  |  12/17/2010  | 
In the midst of the recent surge of security hype and angst, a dose of perspective
Reputation Can't Be Delegated
Commentary  |  12/16/2010  | 
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Why Chrome OS Will Succeed
Commentary  |  12/15/2010  | 
Google's "third choice" of operating system will sell itself to businesses and schools.
What Disaster Are You Planning For?
Commentary  |  12/14/2010  | 
When the subject of disaster recovery comes up, many IT professionals' minds immediately flash to an epic event like a fire, hurricane, tornado or earthquake. While this is fine for a point of reference, what about planning for the more mundane disaster? These simple disasters can often cost you as much in revenue and brand reputation as their larger alternatives.
Gawker Goof
Commentary  |  12/13/2010  | 
Sometimes it helps knowing what not to do with database security to clarify why you need database security -- and sometimes somebody else goofs up real bad and sheds light on the little security details you need to get right
Patch Tuesday: Too Big To Ignore?
Commentary  |  12/13/2010  | 
Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise -- unfortunately, the other half is being crippled by the login policies of many online providers.
On To 2011
Commentary  |  12/13/2010  | 
2011 will be the year we catch the first glimpse of the biometric movement
Researchers: Major Ad Networks Serving Malware
Commentary  |  12/11/2010  | 
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could have impacted millions, the researchers say.
The Hazards Of Bot Volunteerism
Commentary  |  12/10/2010  | 
Not only can you get caught, you can also get 0wned if the bot software is malicious
Is The Storage Industry Consolidated?
Commentary  |  12/10/2010  | 
There have long been predictions that the storage industry would consolidate down to three or four vendors. A few weeks ago EMC made a bid to buy Isilon and yesterday Dell made a bid to buy Compellent for $876 million dollars. These deals come on the heels of the dramatic HP - Dell bidding war over 3PAR. Is the storage industry consolidated? Not even close.
Monitoring Challenges For NERC/FERC Environments
Commentary  |  12/10/2010  | 
Many vendors claim to be entrenched within NERC and FERC regulated critical infrastructure clients, but few understand where the real goldmine of data resides
Why 2010 Will Make 2011 The Year Of SSD
Commentary  |  12/8/2010  | 
In technology we are always looking for next year to be the year of something. The reality is that most technologies don't establish themselves in a single year, but 2011 could be the year that solid state storage makes significant inroads into the enterprise data center, and that will be because of the work that was done in 2010.
California Does Health Care Data Breaches Right
Commentary  |  12/7/2010  | 
Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
What Appliances Should Be Virtualized?
Commentary  |  12/3/2010  | 
In our last entry we discussed the value of virtual appliances and how they might be a better option for the data center than standalone appliances are today. If you agree that there is value in leveraging the virtual infrastructure for appliances, then the next step is to decide which appliances make the most sense to be virtualized.
Wikileaks: The Canary In The Coal Mine For DLP
Commentary  |  12/2/2010  | 
The supposedly confidential State Department memos ('cables' in the quaint, antiquated parlance of diplomats) oozing out in dribs and drabs this week prompt many questions, but for the IT professional none is more acute than "how could something like this even happen?" This marks the third time in the last six months that the Web's premier whistleblower outlet has released sensitive government reports. Admittedly, most of these aren't highly classified (and none are "top secret"), nor even all t
The Value Of Virtual Appliances
Commentary  |  12/1/2010  | 
Vendors created the appliance market by delivering their software applications pre-installed on standalone servers. The goal was to simplify installation for the users and to make support easier thanks to the consistent hardware platform. The downside to appliances is that there is an added hardware cost and when performance needs to be upgraded it often requires a new appliance. These issues can be addressed by leveraging server virtualization to create virtual appliances.
